Thoropass

Audience: CSP vendor owner, compliance manager

Thoropass allows for the exclusion of specific objects identified in a monitor that are causing a monitor test to fail. One way to exclude certain objects is to manually exclude them as detailed <a href="https://help.thoropass.com/en/articles/6295770-how-do-i-fix-a-monitor">here</a>. However, there are scenarios where resources and objects are created in your cloud infrastructure that are created often or dynamically and these may not be in scope for your compliance program.

- Proof of concepts
- Development/test resources

To automatically exclude a resource, the tag (or label in GCP) should follow the structure below:

Value: Justification for excluding the resource. This will show up in your monitor in Thoropass just like a manual exclusion.

- Key: <code>thoropassignore</code>
- Value: Justification for excluding the resource. This will show up in your monitor in Thoropass just like a manual exclusion.

In each CSP, you will find an example and the respective documentation for the service you want to exclude. These examples below show you how to manually add tags for each provider. If you use any deployment service in your development pipeline or templates the thoropassignore tag can be deployed using those as well when applicable.

Documentation: <a href="https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging-resources.html" rel="nofollow noopener noreferrer" target="_blank">AWS Tagging Resources</a>

In AWS, you can add a tag to the resource you wish to exclude. Make sure the tag key is <code>thoropassignore</code> and the value is the justification as its value.

That same instance will be excluded in the respective monitor in the Thoropass app:

Documentation: <a href="https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources" rel="nofollow noopener noreferrer" target="_blank">Azure Tag Resources</a>

In Azure, follow the same procedure as in AWS.

GCP Documentation: <a href="https://cloud.google.com/resource-manager/docs/creating-managing-labels" rel="nofollow noopener noreferrer" target="_blank">GCP Managing Labels</a>

For GCP, the process is similar but with a minor difference. GCP uses "labels" instead of "tags".

- AWS
 Documentation: <a href="https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging-resources.html" rel="nofollow noopener noreferrer" target="_blank">AWS Tagging Resources</a>
 In AWS, you can add a tag to the resource you wish to exclude. Make sure the tag key is <code>thoropassignore</code> and the value is the justification as its value.
 
 Example: 
 
 That same instance will be excluded in the respective monitor in the Thoropass app:

- Azure
 Documentation: <a href="https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources" rel="nofollow noopener noreferrer" target="_blank">Azure Tag Resources</a>
 In Azure, follow the same procedure as in AWS. 
- GCP Documentation: <a href="https://cloud.google.com/resource-manager/docs/creating-managing-labels" rel="nofollow noopener noreferrer" target="_blank">GCP Managing Labels</a>
 For GCP, the process is similar but with a minor difference. GCP uses "labels" instead of "tags".

Auto-exclusion, AWS, GCP, Azure, Tags, Labels

[CSP] Monitor Auto exclusion guide

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

[CSP] Monitor Auto exclusion guide

Introduction

Tag/Label Specifications

Instructions by Cloud Service Provider

AWS

Azure